Abstract
A new anomaly detection method based on models of user behavior at the command level is proposed as an intrusion detection technique. The hybrid command sequence (HCS) model is trained from historical session data by a genetic algorithm and is then used as the criterion for verifying observed behavior. The proposed model considers the occurrence of multiple command sequence fragments within a single session, so that it can recognize non-sequential patterns. Experimental results demonstrate an anomaly detection rate higher than 90%, comparable to other statistical methods and 10% higher than the original command sequence model.
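To make the idea of "multiple command sequence fragments in a single session" concrete, the following is an added, simplified illustration; it is not the paper's HCS model and does not reproduce its genetic-algorithm training. Fragments are mined here as fixed-length command n-grams that recur across enough training sessions (the `length` and `min_support` parameters are assumptions), and a new session is scored by the fraction of its own n-grams that match a known fragment, so fragments may appear in any order relative to each other. The training and test sessions are constructed sample data.

```python
from collections import Counter

# Constructed training sessions for one user (not real audit data).
TRAINING_SESSIONS = [
    ["ls", "cd", "ls", "vi", "make", "./a.out"],
    ["cd", "ls", "vi", "make", "./a.out", "ls"],
    ["ls", "vi", "make", "./a.out", "cd", "ls"],
    ["cd", "ls", "cat", "vi", "make"],
]


def ngrams(session, length):
    """All contiguous command fragments of the given length in a session."""
    return [tuple(session[i:i + length]) for i in range(len(session) - length + 1)]


def extract_fragments(sessions, length=2, min_support=2):
    """Keep the fragments that occur in at least min_support distinct
    training sessions. Counting each fragment once per session avoids
    letting one long, repetitive session dominate the profile."""
    support = Counter()
    for session in sessions:
        support.update(set(ngrams(session, length)))
    return {frag for frag, n in support.items() if n >= min_support}


def session_score(session, fragments, length=2):
    """Fraction of the session's fragments that are known for this user.
    Order between fragments is irrelevant, so a session that reorders
    familiar fragments still scores high (the non-sequential case).
    A session too short to contain any fragment scores 0.0."""
    grams = ngrams(session, length)
    if not grams:
        return 0.0
    hits = sum(1 for g in grams if g in fragments)
    return hits / len(grams)


def is_anomalous(session, fragments, threshold=0.5, length=2):
    """Flag the session when too few of its fragments match the profile.
    The threshold is an assumed operating point, not a value from the paper."""
    return session_score(session, fragments, length) < threshold


def detection_rate(sessions, fragments, threshold=0.5, length=2):
    """Share of sessions (all assumed anomalous) that the model flags."""
    if not sessions:
        return 0.0
    flagged = sum(1 for s in sessions if is_anomalous(s, fragments, threshold, length))
    return flagged / len(sessions)


if __name__ == "__main__":
    profile = extract_fragments(TRAINING_SESSIONS)
    print(sorted(profile))
    # Familiar fragments in a new order: should pass.
    print(session_score(["vi", "make", "./a.out", "cd", "ls", "vi"], profile))
    # A different user's habits: should be flagged.
    print(is_anomalous(["ps", "top", "kill", "ps", "top"], profile))
```

Running the script prints the mined fragment set, a high score for the reordered session, and `True` for the unfamiliar one. Choosing `threshold` is the usual trade-off: lower values reduce false alarms on legitimate users who drift from their profile, higher values catch more masquerades at the cost of more alerts.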
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Jian, Z., Shirai, H., Takahashi, I., Kuroiwa, J., Odaka, T., Ogura, H. (2007). A Hybrid Command Sequence Model for Anomaly Detection. In: Zhou, Z.H., Li, H., Yang, Q. (eds) Advances in Knowledge Discovery and Data Mining. PAKDD 2007. Lecture Notes in Computer Science, vol 4426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71701-0_13
DOI: https://doi.org/10.1007/978-3-540-71701-0_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71700-3
Online ISBN: 978-3-540-71701-0
eBook Packages: Computer Science (R0)